
Trojan.Siggen8.54487

Added to the Dr.Web virus database: 2019-11-09

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'MessengerTime' = '%APPDATA%\MessengerTime\MessengerTime.exe su'
Modifies file system
Creates the following files
Deletes the following files
  • %TEMP%\nsf644c.tmp\inetc.dll
  • %TEMP%\nsf644c.tmp\system.dll
  • %LOCALAPPDATA%\messengertime\cache\todelete_2a0faaae626f8248
  • %LOCALAPPDATA%\messengertime\databases\file__0\1-journal
  • %LOCALAPPDATA%\messengertime\cache\index-dir\the-real-index~rf14e194.tmp
Moves the following files
  • from %LOCALAPPDATA%\messengertime\cache\index-dir\temp-index to %LOCALAPPDATA%\messengertime\cache\index-dir\the-real-index
  • from %LOCALAPPDATA%\messengertime\cache\3daa17c1ef12c9cd_0 to %LOCALAPPDATA%\messengertime\cache\todelete_2a0faaae626f8248
  • from %LOCALAPPDATA%\messengertime\cache\index-dir\the-real-index to %LOCALAPPDATA%\messengertime\cache\index-dir\the-real-index~rf14e194.tmp
Substitutes the following files
  • %LOCALAPPDATA%\messengertime\cache\3daa17c1ef12c9cd_0
  • %LOCALAPPDATA%\messengertime\databases\file__0\1-journal
  • %LOCALAPPDATA%\messengertime\cache\index-dir\the-real-index
Network activity
TCP
HTTP GET requests
  • /update_manager/messengertime/14.1906.1?au########### via au#######eserver.herokuapp.com
HTTP POST requests
  • http://www.go#####analytics.com/collect
  • /collect via go#####analytics.com
  • 'tr###.fourtiz.com':443
  • 'to###.fourtiz.com':443
  • 'go#####analytics.com':80
  • 'me###nger.com':443
  • 'st####.xx.fbcdn.net':443
  • 'co#####.facebook.net':443
  • 'fa###ook.com':443
  • 'au.##urtiz.com':443
  • 'in##.##kitextbooks.info':443
  • 'bo###.fourtiz.com':443
UDP
  • DNS ASK tr###.fourtiz.com
  • DNS ASK go#####analytics.com
  • DNS ASK to###.fourtiz.com
  • DNS ASK me###nger.com
  • DNS ASK st####.xx.fbcdn.net
  • DNS ASK sc#######lht6-1.xx.fbcdn.net
  • DNS ASK co#####.facebook.net
  • DNS ASK fa###ook.com
  • DNS ASK au.##urtiz.com
  • DNS ASK in##.##kitextbooks.info
  • DNS ASK go.####textbooks.info
  • DNS ASK au#######eserver.herokuapp.com
  • DNS ASK bo###.fourtiz.com
Miscellaneous
Searches for the following windows
  • ClassName: 'Chrome_MessageWindow' WindowName: '%LOCALAPPDATA%\MessengerTime'
Creates and executes the following
  • '%APPDATA%\messengertime\messengertime.exe' "su"
  • '%APPDATA%\messengertime\messengertime.exe' --type=gpu-process --channel="908.0.673165091\333920607" --no-sandbox --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,40 --gpu-vendor-id=0x0000 --gpu-device-id=0x0000 --gpu-driver-...
  • '%APPDATA%\messengertime\messengertime.exe' --type=renderer --js-flags=--expose-gc --no-sandbox --enable-deferred-image-decoding --lang=en-US --extension-process --nodejs --working-directory="%TEMP%\nw908_1210" --device-scale-factor=1 --...
  • '%WINDIR%\syswow64\cmd.exe' /s /c "driverquery /FO list /v"' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /C "sc QUERY NPF | FIND /C "RUNNING""
  • '%WINDIR%\syswow64\sc.exe' QUERY NPF
  • '%WINDIR%\syswow64\find.exe' /C "RUNNING"
  • '%WINDIR%\syswow64\cmd.exe' /s /c "driverquery /FO list /v"
  • '%WINDIR%\syswow64\driverquery.exe' /FO list /v

Curing recommendations

1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
  • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
  • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
  • Switch off your device and turn it on as normal.
